Vulnerabilities > CVE-2022-1183 - Reachable Assertion vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

isc

netapp

CWE-617

NVD

Published: 2022-05-19

Updated: 2022-10-07

Summary

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC Bind 9.19.0 ISC Bind 9.18.0 ISC Bind 9.18.1 ISC Bind 9.18.2	4
OS	Netapp Netapp H410C Firmware - Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H410S Firmware -	5
Hardware	Netapp Netapp H410C - Netapp H300S - Netapp H500S - Netapp H700S - Netapp H410S -	5

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References